8.OpenStack网络组件

添加网络组件

安装和配置控制器节点

创建数据库

mysql -uroot -ptoyo123
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'toyo123';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'toyo123';
exit

创建服务凭据

source admin-openrc.sh
keystone user-create --name neutron --pass Abcd1234
keystone user-role-add --user neutron --tenant service --role admin
keystone service-create --name neutron --type network \
  --description "OpenStack Networking"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ network / {print $2}') \
  --publicurl http://controller:9696 \
  --adminurl http://controller:9696 \
  --internalurl http://controller:9696 \
  --region regionOne

安装网络组件

yum install -y openstack-neutron openstack-neutron-ml2 python-neutronclient which

查询service
id下面编辑配置文件会用到

source admin-openrc.sh
keystone tenant-get service

编辑/etc/neutron/neutron.conf文件

mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf_bak
vim /etc/neutron/neutron.conf

[database]
connection = mysql://neutron:toyo123@controller/neutron

[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = Abcd1234
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = 89bc1f42c0194ef4b1ff2dfea07caf2f
nova_admin_password = Abcd1234
verbose = True

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = Abcd1234

[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = Abcd1234

编辑 /etc/neutron/plugins/ml2/ml2_conf.ini文件

mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini_bak
vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = :

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

编辑/etc/nova/nova.conf

vim /etc/nova/nova.conf

[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = Abcd1234

完成安装

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service
systemctl enable neutron-server.service
systemctl restart neutron-server.service

验证

source admin-openrc.sh
neutron ext-list

安装和配置网络节点

配置内核网络参数

vim /etc/sysctl.conf
net.ipv4.ip_forward=
net.ipv4.conf.all.rp_filter=
net.ipv4.conf.default.rp_filter=

sysctl -p

安装网络组件

yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch

编辑/etc/neutron/neutron.conf

mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf_bak
vim /etc/neutron/neutron.conf

[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = Abcd1234
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
verbose = True

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = Abcd1234

编辑 /etc/neutron/plugins/ml2/ml2_conf.ini

mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini_bak

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_flat]
flat_networks = external

[ml2_type_gre]
tunnel_id_ranges = :

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
local_ip = 192.168.116.8
enable_tunneling = True
bridge_mappings = external:br-ex

[agent]
tunnel_types = gre

编辑/etc/neutron/l3_agent.ini

mv  /etc/neutron/l3_agent.ini  /etc/neutron/l3_agent.ini_bak

vim /etc/neutron/l3_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
router_delete_namespaces = True
verbose = True

编辑/etc/neutron/dhcp_agent.ini

mv  /etc/neutron/dhcp_agent.ini  /etc/neutron/dhcp_agent.ini_bak

vim /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
dhcp_delete_namespaces = True
verbose = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf

创建/etc/neutron/dnsmasq-neutron.conf并关掉dnsmasq进程

vim /etc/neutron/dnsmasq-neutron.conf

dhcp-option-force=,
pkill dnsmasq

编辑/etc/neutron/metadata_agent.ini

mv /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini_bak
vim /etc/neutron/metadata_agent.ini

[DEFAULT]
auth_url = http://controller:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = Abcd1234
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
verbose = True

编辑/etc/nova/nova.conf

mv /etc/nova/nova.conf /etc/nova/nova.conf_bak
vim /etc/nova/nova.conf

[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = Abcd1234

重启nova-api服务

systemctl restart openstack-nova-api.service

　

配置开放的vSwitch（OVS）服务

systemctl enable openvswitch.service
systemctl start openvswitch.service
ovs-vsctl del-br br-ex && ovs-vsctl add-br br-ex && ovs-vsctl add-port br-ex eth0 && reboot

　　

创建ifcfg-br-ex

vim /etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
ONBOOT=yes
OVSBOOTPROTO=none
IPADDR=192.168.116.8
PREFIX=24
DEFROUTE=yes
GATEWAY=192.168.116.1
DNS1="114.114.114.114"

编辑/etc/sysconfig/network-scripts/ifcfg-eth0

vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
NAME="eth0"
UUID="0e9ff19f-53db-4e78-ab16-a271ff92bd2b"
DEVICE="eth0"
ONBOOT="yes"

停止Gro并重启network服务

ethtool -K eth0 gro off && service network restart

创建ml2_conf.ini重定向并启动服务与设置开机自启动

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service \
  /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' \
  /usr/lib/systemd/system/neutron-openvswitch-agent.service
systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service \
  neutron-dhcp-agent.service neutron-metadata-agent.service \
  neutron-ovs-cleanup.service
systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service \
  neutron-dhcp-agent.service neutron-metadata-agent.service \
neutron-ovs-cleanup.service

验证

source admin-openrc.sh
neutron agent-list

配置计算机节点网络

编辑/etc/sysctl.conf

vim /etc/sysctl.conf net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0 sysctl -p

安装网络组件

yum install -y openstack-neutron-ml2 openstack-neutron-openvswitch

编辑/etc/neutron/neutron.conf

mv  /etc/neutron/neutron.conf  /etc/neutron/neutron.conf_bak
vim  /etc/neutron/neutron.conf

[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = Abcd1234
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
verbose = True

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = Abcd1234

编辑/etc/neutron/plugins/ml2/ml2_conf.ini

mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini_bak
vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = :

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
local_ip = 192.168.116.10
enable_tunneling = True

[agent]
tunnel_types = gre

启动OVS服务并将其配置为开机自启动

systemctl enable openvswitch.service
systemctl restart openvswitch.service

编辑/etc/nova/nova.conf

vim /etc/nova/nova.conf

[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = Abcd1234

完成安装

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service \
  /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' \
  /usr/lib/systemd/system/neutron-openvswitch-agent.service
systemctl restart openstack-nova-compute.service
systemctl enable neutron-openvswitch-agent.service
systemctl restart neutron-openvswitch-agent.service

验证

source admin-openrc.sh
neutron agent-list

创建外部网络

source admin-openrc.sh
neutron net-create ext-net --router:external True \
  --provider:physical_network external --provider:network_type flat
neutron subnet-create ext-net --name ext-subnet \
  --allocation-pool start=192.168.116.240,end=192.168.116.250 \
  --disable-dhcp --gateway 192.168.116.1 192.168.116.0/

创建租户网

source demo-openrc.sh
neutron net-create lan-net
neutron subnet-create lan-net --name lan-subnet \
  --gateway 192.168.101.1 192.168.101.0/
neutron router-create lan-router
neutron router-interface-add lan-router lan-subnet
neutron router-gateway-set lan-router ext-net

创建路由器以便租户网可以连接外部

验证

ping 192.168.116.150

做了上面的ovs就不要做下面的传统网络

配置控制器节点

配置传统网络

编辑/etc/nova/nova.conf
重启服务

vim /etc/nova/nova.conf

[DEFAULT]
network_api_class = nova.network.api.API
security_group_api = nova
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
openstack-nova-conductor.service

配置计算机节点

安装网络组件

yum install -y openstack-nova-network openstack-nova-api

编辑 /etc/nova/nova.conf

vim /etc/nova/nova.conf

[DEFAULT]
network_api_class = nova.network.api.API
security_group_api = nova
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_manager = nova.network.manager.FlatDHCPManager
network_size =
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_network_bridge = eth0
flat_interface = eth0
public_interface = eth0

启动服务并配置为开机自启动

systemctl enable openstack-nova-network.service openstack-nova-metadata-api.service
systemctl restart openstack-nova-network.service openstack-nova-metadata-api.service

创建初始网络（192.168.116.25/29根据当前外网计算得出的这里的外网是指云主机获取到的ip可直接访问外网,生产环境中可将这里配置为从运营商那里获取到的ip段）

source admin-openrc.sh
nova network-create demo-net --bridge eth0 --multi-host T \
  --fixed-range-v4 192.168.116.25/

验证

nova net-list